[leave comments for topic want to be covered]
old/new tools, breaches, exploits, bugs...
how to do... what not to do...
some video... some text... some audio...
'n the best part... all legal

Thursday, February 18, 2010

on 18-Feb-2010 :: NetWitness reported 'Kneber Botnet' {CRITICAL}

On 18-Feb-2010, NetWitness reported new malware, the 'Kneber botnet'.

It is a variant of Zeus that mainly targets credential stealing, key-logging, etc., and has affected more than 2500 organizations.

... Currently no IPS/IDS has adequate signatures to detect it.

... It can also act together with other malware; the favourite noticed is Waledac (a P2P Trojan).

[] One way to check whether a machine is infected by Kneber (a Zeus variant):

The registry key can be found by following this path, he said:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit

Normally this value will have an entry like "C:\WINDOWS\system32\userinit.exe,"
ZeuS will add itself to the list, typically as 'ntos.'
But it could always change its name, so if any unrelated entries are found here, the machine may be infected.

If any extra entries are found, or there is any suspicion, scan the file listed here.
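
The Userinit check described above, as an added example (not code from NetWitness or from the original post). It flags every entry other than the stock userinit.exe instead of matching on a name, since the added entry can be renamed. The sample values and the name `renamed-example.exe` are constructed, and the default Windows directory `C:\WINDOWS` is an assumption.

```python
import ntpath
import os
import sys

WINLOGON_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample values (not taken from a real machine).
SAMPLE_CLEAN = r"C:\WINDOWS\system32\userinit.exe,"
SAMPLE_EXTRA = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\renamed-example.exe,"

def _norm(path):
    """Lower-case and normalise separators so case or '/' cannot hide a mismatch."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def unexpected_entries(value, windir=r"C:\WINDOWS"):
    """Return every Userinit entry that is not the stock userinit.exe.

    Works as an allow-list: anything except <windir>\\system32\\userinit.exe
    is returned for review, whatever it is called.
    """
    expected = _norm(ntpath.join(windir, "system32", "userinit.exe"))
    entries = [e.strip().strip('"') for e in value.split(",")]
    return [e for e in entries if e and _norm(e) != expected]

def read_userinit():
    """Read the live value from HKLM (Windows only; winreg does not exist elsewhere)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]

if __name__ == "__main__":
    if sys.platform == "win32":
        value, windir = read_userinit(), os.environ.get("SystemRoot", r"C:\WINDOWS")
    else:
        value, windir = SAMPLE_EXTRA, r"C:\WINDOWS"  # offline demo on constructed data
    hits = unexpected_entries(value, windir)
    for entry in hits:
        print("REVIEW AND SCAN:", entry)
    if not hits:
        print("Only the stock userinit.exe entry is present.")
```

An empty result only means this one registry value looks stock; it says nothing about other places on the machine.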

[] It is suggested to apply all the latest MS10-* and Adobe patches on all machines,
and, as always, not to open suspicious e-mails.

[] NetWitness said that Kneber was primarily found on corporate and government computers; however, home users are likely to attract the infestation as well.